A conventional processing system may include hardware resources, such as a central processing unit (CPU) and random access memory (RAM), as well as software resources, such as an operating system (OS) and one or more end-user programs or applications. An application is typically developed to run on a particular OS. When a typical conventional computer system is started, it loads the OS before loading the end-user programs or applications. The OS typically serves as an intermediary between software applications and the hardware in a processing system.
In addition to RAM and one or more CPUs, a processing system may include a security coprocessor (SC) such as a trusted platform module (TPM). A TPM is a hardware component that resides within a processing system and provides various facilities and services for enhancing the security of the processing system. For example, a TPM may be implemented as an integrated circuit (IC) or semiconductor chip, and it may be used to protect data and to attest to the configuration of a platform.
A TPM may be implemented in accordance with specifications such as the Trusted Computing Group (TCG) TPM Specification Version 1.2, dated Oct. 2, 2003 (hereinafter the “TPM specification”), which includes parts such as Design Principles, Structures of the TPM, and TPM Commands. The TPM specification is published by the TCG and is available from the Internet at www.trustedcomputinggroup.org/home.
The sub-components of a TPM may include an execution engine and secure non-volatile (NV) memory or storage. The secure NV memory is used to store sensitive information, such as encryption keys, and the execution engine protects the sensitive information according to the security policies dictated by the TPM's control logic.
In general, a TCG-compliant TPM provides security services such as attesting to the identity and/or integrity of the platform, based on characteristics of the platform. The platform characteristics typically considered by a TPM include hardware components of the platform, such as the processor(s) and chipset, as well as the software residing in the platform, such as the firmware and OS. A TPM may also support auditing and logging of software processes, as well as verification of platform boot integrity, file integrity, and software licensing. It may therefore be said that a TPM provides a root of trust for a platform.
Accordingly, when a processing system such as a server handles requests from other processing systems such as clients, the server may enforce security policies based on TPM-based attestation. For instance, the server may be configured to deny requests from any client system unless those requests are accompanied by valid, TPM-based platform attestation from that client system. When a conventional processing system uses a TPM, however, that processing system may be able to support only one software environment at a time.
Virtualization products provide features for partitioning a processing system into multiple virtual machines (VMs). For instance, virtualization products may partition and manage a processing system's hardware resources in a way that allows multiple OSs to execute on the same machine concurrently. Specifically, each OS may run in a different VM. Each VM may therefore be considered a substantially independent software environment. An OS running in a VM may be referred to as a guest OS. The VMs may be managed by virtualization products such as a virtual machine monitor (VMM) or hypervisor.
As recognized by the present invention, it would be advantageous if a VMM could allow each of the OSs to operate substantially as if that OS were in its own independent physical machine. U.S. patent application Ser. No. 10/876,944 (“the '944 application”), which is assigned to the same entity as the present application, discusses features to support use of TPMs by VMs. The present application discloses additional features and capabilities relating to TPMs and virtualization.